Vulnerabilidad en liboggplay en Mozilla Firefox (CVE-2009-3388)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-399
Error en la gestión de recursos
Fecha de publicación:
17/12/2009
Última modificación:
09/04/2025
Descripción
liboggplay en Mozilla Firefox v3.5.x antes de v3.5.6 y SeaMonkey antes de v2.0.1 podría permitir a atacantes dependientes de contexto causar una denegación de servicio (por caída de la aplicación) o ejecutar código arbitrario a través de vectores no especificados, relacionados con "cuestiones de seguridad de la memoria."
Impacto
Puntuación base 2.0
9.30
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:seamonkey:*:rc2:*:*:*:*:*:* | 2.0 (incluyendo) | |
| cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://secunia.com/advisories/37699
- http://secunia.com/advisories/37785
- http://secunia.com/advisories/37856
- http://secunia.com/advisories/37881
- http://securitytracker.com/id?1023335=
- http://securitytracker.com/id?1023336=
- http://www.mozilla.org/security/announce/2009/mfsa2009-66.html
- http://www.novell.com/linux/security/advisories/2009_63_firefox.html
- http://www.securityfocus.com/bid/37349
- http://www.securityfocus.com/bid/37369
- http://www.ubuntu.com/usn/USN-874-1
- http://www.vupen.com/english/advisories/2009/3547
- https://bugzilla.mozilla.org/show_bug.cgi?id=504843
- https://bugzilla.mozilla.org/show_bug.cgi?id=523816
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54804
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8009
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html
- http://secunia.com/advisories/37699
- http://secunia.com/advisories/37785
- http://secunia.com/advisories/37856
- http://secunia.com/advisories/37881
- http://securitytracker.com/id?1023335=
- http://securitytracker.com/id?1023336=
- http://www.mozilla.org/security/announce/2009/mfsa2009-66.html
- http://www.novell.com/linux/security/advisories/2009_63_firefox.html
- http://www.securityfocus.com/bid/37349
- http://www.securityfocus.com/bid/37369
- http://www.ubuntu.com/usn/USN-874-1
- http://www.vupen.com/english/advisories/2009/3547
- https://bugzilla.mozilla.org/show_bug.cgi?id=504843
- https://bugzilla.mozilla.org/show_bug.cgi?id=523816
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54804
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8009
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html